SycoLTH

libreswan setup

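#######################################
# Write the libreswan, xl2tpd and pppd configuration and bring the
# IPsec/L2TP tunnel up.
# Globals (read):  LOCAL_IP LOCAL_SUBNET REMOTE_IP REMOTE_SUBNET
#                  SHARED_SECRET USERNAME PASSWORD
# Globals (set):   V_IP - IPv4 address assigned to ppp0
# Side effects:    overwrites /etc/ipsec.conf, /etc/ipsec.secrets,
#                  /etc/xl2tpd/xl2tpd.conf and /etc/ppp/options.l2tpd.conf;
#                  enables ip_forward, disables ICMP redirects, appends a
#                  MASQUERADE rule, starts ipsec and xl2tpd, and adds a
#                  route to REMOTE_SUBNET over ppp0.
# Returns:         0 on success, 1 if a service, the IPsec SA or the ppp
#                  link fails to come up.
#######################################
function startVPN() {
  cat <<EOF > /etc/ipsec.conf
config setup
  nat_traversal=yes
  protostack=netkey
  oe=off
  virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
  keep_alive=60
conn CONN
  authby=secret
  pfs=no
  auto=add
  keyingtries=3
  dpddelay=30
  dpdtimeout=120
  dpdaction=clear
  rekey=yes
  ikelifetime=8h
  keylife=24h
  type=transport
  left=$LOCAL_IP
  leftsubnet=$LOCAL_SUBNET
  leftnexthop=%defaultroute
  right=$REMOTE_IP
  rightsubnet=$REMOTE_SUBNET
EOF
  cat /etc/ipsec.conf
  echo
  echo

  # The PSK is a credential: create the file with mode 0600 (umask inside a
  # subshell so the caller's umask is untouched) and do not echo it back.
  (
    umask 077
    cat <<EOF > /etc/ipsec.secrets
%any $REMOTE_IP : PSK "$SHARED_SECRET"
EOF
  )
  chmod 600 /etc/ipsec.secrets
  echo "wrote /etc/ipsec.secrets (contents not shown)"
  echo
  echo

  cat <<EOF > /etc/xl2tpd/xl2tpd.conf
[global]
listen-addr=$LOCAL_IP

[lac vpn-conn]
lns=$REMOTE_IP
ppp debug=yes
pppoptfile=/etc/ppp/options.l2tpd.conf
length bit=yes
EOF
  cat /etc/xl2tpd/xl2tpd.conf
  echo
  echo

  # Holds the PPP password: same 0600 treatment, not echoed back.
  (
    umask 077
    cat <<EOF > /etc/ppp/options.l2tpd.conf
ipcp-accept-local
ipcp-accept-remote
refuse-eap
refuse-chap
refuse-mschap
refuse-pap
require-mschap-v2
noccp
noauth
mtu 1200
mru 1200
nodefaultroute
name $USERNAME
password $PASSWORD
EOF
  )
  chmod 600 /etc/ppp/options.l2tpd.conf
  echo "wrote /etc/ppp/options.l2tpd.conf (contents not shown)"
  echo
  echo

  # Forward traffic for REMOTE_SUBNET and ignore/suppress ICMP redirects
  # on every interface.
  echo 1 > /proc/sys/net/ipv4/ip_forward
  local x
  for x in /proc/sys/net/ipv4/conf/*; do
    echo 0 > "$x/accept_redirects"
    echo 0 > "$x/send_redirects"
  done
  systemctl restart iptables
  # Masquerades ALL forwarded traffic; add the rule only if it is not
  # already present so repeated starts do not stack duplicates.
  iptables --table nat -C POSTROUTING -j MASQUERADE 2>/dev/null \
    || iptables --table nat -A POSTROUTING -j MASQUERADE

  mkdir -p /var/run/xl2tpd
  touch /var/run/xl2tpd/l2tp-control

  systemctl start ipsec || return 1
  sleep 3

  systemctl start xl2tpd || return 1
  sleep 3

  # Without the IPsec SA the L2TP/PPP handshake would leave the host
  # unprotected, so stop here rather than dial out in the clear.
  ipsec auto --up CONN || return 1
  sleep 3

  echo "c vpn-conn" > /var/run/xl2tpd/l2tp-control
  sleep 3

  echo

  # awk already strips the "inet " prefix; the address carries no /prefix.
  V_IP=$(ip addr show dev ppp0 | grep -oP 'inet\ (\d+\.){3}\d+' | awk '{print $2}')
  if [[ -z "$V_IP" ]]; then
    echo "ppp0 has no IPv4 address; the L2TP link did not come up" >&2
    return 1
  fi
  echo "V_IP: $V_IP"
  ip route add "$REMOTE_SUBNET" via "$V_IP" dev ppp0
}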
  101.  
#######################################
# Tear the tunnel down in the reverse order of startVPN and delete the
# generated configuration files (which hold the PSK and PPP password).
# ip_forward, the redirect settings and the MASQUERADE rule added by
# startVPN are left in place.
# Globals:  none
# Outputs:  progress lines on stdout
# Returns:  status of the final rm
#######################################
function stopVPN() {
  local svc

  printf '%s\n' 'ipsec auto --down CONN'
  ipsec auto --down CONN
  sleep 3

  # Same order as before: the L2TP daemon first, then the IPsec service.
  for svc in xl2tpd ipsec; do
    printf 'systemctl stop %s ' "$svc"
    systemctl stop "$svc"
    sleep 3
  done

  rm -f /etc/ipsec.conf /etc/ipsec.secrets \
        /etc/xl2tpd/xl2tpd.conf /etc/ppp/options.l2tpd.conf
}
  120.  
  121. USERNAME='your_USERNAME'
  122. PASSWORD='your_PASSWORD'
  123.  
  124. LOCAL_IP='your_LOCAL_IP'
  125. LOCAL_MASK='your_LOCAL_MASK'
  126. LOCAL_SUBNET='your_LOCAL_SUBNET'
  127.  
  128. REMOTE_IP='your_REMOTE_IP'
  129. REMOTE_SUBNET='your_REMOTE_SUBNET'
  130. SHARED_SECRET='your_SHARED_SECRET'
  131.  
  132. stopVPN
  133. startVPN